
TorLocker encryption flawed


21 replies to this topic

#1 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,661 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:20 AM

Posted 10 April 2015 - 07:26 PM

Hi,

Kaspersky published a post today in which they announced that the encryption used in the TorLocker (or Scraper) ransomware is flawed and the keys can be recovered for about 2/3 of the people infected.

While they did not go into the details of what exactly is flawed, they are providing a free decryption tool for anyone that wants to try.

Their blog post is here:
https://securelist.com/blog/research/69481/a-flawed-ransomware-encryptor/

regards
myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,781 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:10:20 PM

Posted 10 April 2015 - 07:28 PM

At least they have the common sense to not go into details on what's flawed, not like a certain company who did it and made a Cryptoware author patch his malware. Plus one for Kaspersky :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 GT500

GT500

    Authorized Emsisoft Representative


  • Security Colleague
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fortville, Indiana, USA
  • Local time:10:20 PM

Posted 11 April 2015 - 01:45 AM

Thanks for the info. ;)

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#4 Libyan expert

Libyan expert

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 AM

Posted 11 April 2015 - 09:25 AM

nice ...

That's good as they did not go in details on what's flawed so the malware author patch his mistake



#5 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,097 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:50 AM

Posted 11 April 2015 - 12:33 PM

Or they may know details but don't want to tell.  :P



 

 


#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:20 AM

Posted 11 April 2015 - 01:17 PM

Or they may know details but don't want to tell.  :P

It's better that they don't, Tenis.

#7 Aura


Posted 11 April 2015 - 02:20 PM

Or they may know details but don't want to tell.  :P


If they do we'll have a patched TorLocker 2.0 that will not allow victims to decrypt their files without paying the ransom, and no one wants that to happen :P



#8 Tenis


Posted 11 April 2015 - 02:25 PM

I know, I'm just saying that the fact they know the details doesn't mean they should publish them. :P



 

 


#9 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,153 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:10:20 AM

Posted 11 April 2015 - 11:44 PM

Good for not disclosing the details Kaspersky! :)


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#10 Bluediamond

Bluediamond

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:NASA
  • Local time:03:20 AM

Posted 12 April 2015 - 12:13 AM

I love Kaspersky AV, those guys are the best! I am one of the lucky few who have had the pleasure and honor to see first hand what KAV does in their labs, and impressive is an understatement.



#11 Sirawit


Posted 12 April 2015 - 12:17 AM

I love Kaspersky AV, those guys are the best! I am one of the lucky few who have had the pleasure and honor to see first hand what KAV does in their labs, and impressive is an understatement.

 

Wow, that's cool! Also good that my university uses Kaspersky Endpoint as its AV solution.




#12 malwarian

malwarian

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 13 April 2015 - 02:55 AM

Hello all of my friends!

Is TorLocker another name for TorrentLocker, or is it another ransomware!?



#13 Sintharius


Posted 13 April 2015 - 04:01 AM

Hello all of my friends!
Is TorLocker another name for TorrentLocker, or is it another ransomware!?


It's another ransomware unrelated to TorrentLocker.

#14 Aura


Posted 13 April 2015 - 05:24 AM

malwarian, "Tor" and "Torrent" (the words) represent two different things, so like Alex said, they are different ransomware. Here:

Tor: https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
Torrent: https://en.wikipedia.org/wiki/Torrent_file



#15 malwarian


Posted 13 April 2015 - 07:50 AM

 

Hello all of my friends!
Is TorLocker another name for TorrentLocker, or is it another ransomware!?


It's another ransomware unrelated to TorrentLocker.

 

 

malwarian, "Tor" and "Torrent" (the words) represent two different things, so like Alex said, they are different ransomware. Here:

Tor: https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
Torrent: https://en.wikipedia.org/wiki/Torrent_file

 

thanks dear friends





